Krebs on Security: Patch Tuesday, September 2019 Edition

Krebs on Security: Patch Tuesday, September 2019 Edition. “Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a ‘critical’ rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.”

Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition

Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition. “Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.”

Patch Tuesday: Here’s what’s new for Windows 7 and 8.1 (Neowin)

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and 8.1. “Today is Patch Tuesday, the second Tuesday of the month when Microsoft releases updates for all supported versions of Windows. While that means that all but one version of Windows 10 got cumulative updates, older versions like Windows 7 and Windows 8.1 get updates as well. If you’re still on Windows 7 SP1 or Windows Server 2008 R2 SP1, you’ll get KB4503292 as this month’s rollup.”

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw. “In a blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.”

Ars Technica: WannaCry? Hundreds of US schools still haven’t patched servers

Ars Technica: WannaCry? Hundreds of US schools still haven’t patched servers. “If you’re wondering why ransomware continues to be such a problem for state and local governments and other public institutions, all you have to do to get an answer is poke around the Internet a little. Publicly accessible security-scan data shows that many public organizations have failed to do more than put a bandage over long-standing system vulnerabilities that, if successfully exploited, could bring their operations to a standstill.”

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack. “Among the other critical bugs patched, system administrators are urged to immediately deploy fixes for a Remote Desktop Services remote code-execution vulnerability (CVE-2019-0708). The bug is notable for a number of reasons. One, it’s a ‘wormable’ flaw and has the potential to be exploited in a fast-moving malware attack similar to WannaCry. As a testament to its potential for havoc, Microsoft has also gone the extra step in deploying patches to Windows XP and Windows 2003 for the bug, neither of which is still supported via monthly Patch Tuesday updates.”

BetaNews: Micropatch now available for Internet Explorer security hole

BetaNews: Micropatch now available for Internet Explorer security hole. “Through its 0patch platform, ACROS Security is making the micropatch available to Windows users who are concerned about the security of Internet Explorer. While there are likely to be concerns voiced about installing a security patch from a third party, there are two things to consider here.”